Tracking Rumors (a la the OpenSSH Exploit)

By now, I'm sure you've all heard the OpenSSH Exploit rumor.  The short and sweet points are:

  • The rumored exploit doesn't work on the current version (5.2/5.2p1 as of writing)
  • The rumored exploit does work against older versions (but we don't know how old or when it got fixed)
  • It's not a bad idea to upgrade your OpenSSH (and derivative) services to OpenSSH 5.2.
What really concerns me are forks from OpenSSH that are likely to be ubiquitous in the enterprise. There are many, but the following two seem like A Pretty Big Deal to me:
  • Red Hat Enterprise Linux ships with OpenSSH 4.x, but patches it in-house and releases these updates to RHEL users to fix certain bugs as they're fixed in the 5.x series. 
  • Sun Solaris 10 ships with "SunSSH 1.1" which is basically a mash-up based on OpenSSH 3.5p1.
You see why I'm more than a little concerned, right?   Without having the exploit code to test with, we don't know if the exploit will work against these bastardizations of the OpenSSH code-base.

Without some solid proof, I'm not going to go to my boss and scream that the sky is falling. I just want to stay in touch with the OpenSSH / 0pwn0wn exploit drama. Google Alerts to the rescue!

Google Alerts allows you to get rapid-fire email or RSS feed updates when new items show up in Google's index for given search terms. You can use this for vanity searching and a host of other things... or, as I do, to keep an eye on breaking news for more obscure stuff.

With that, I set up alerts for OpenSSH (News and Blogs) and 0pen0wn (Comprehensive search) - If an exploit is released publicly, I want to know about it so that I can test it and make recommendations on how to fix it.

Also, it's not a bad idea to set up google alerts for other mission-critical products or services you rely on, if for nothing else, to keep your fingers on their pulse.

blog comments powered by Disqus